The principle of least privilege in cybersecurity prescribes that no user should have access to system resources beyond what’s necessary for fulfilling a specific task. Adhering to this principle has become essential, as one of the primary ways malicious actors breach a system is by compromising (legitimate) user access.

The 2020 Global State of Least Privilege Report shows that two-thirds of organizations now consider the implementation of least privilege a top priority in achieving a zero-trust security model.

Below, we take a look at some of the critical drivers for the adoption of least privilege. We also explore the failure of traditional systems and how modern solutions such as Software-Defined Perimeter, Secure Web Gateway and Risk-Based Authentication, among others, engender greater enterprise network security.

Access is Responsibility

According to an Identity Defined Security Alliance (IDSA) study published last year, 79% of enterprises experienced an identity-related security breach in the previous two years. Last year, just as the COVID-19 pandemic gathered momentum, another report revealed a rise in attacker access to privileged accounts, which puts businesses at a greater risk.

It is important to note that in this age where data is everything, access is equal to responsibility. Therefore, the greater access a person has at a given moment, the greater responsibility they have to protect the data that they have access to. According to the State of Security blog, author Anastasios Arampatzis states that the central goal of privilege access management, which he admits covers many strategies, is the enforcement of least privilege.

Privileged accounts are a liability precisely because the data they have access to makes them attractive targets to cyber attackers. The greater the level of access an account has, the more significant the impact of an attack would be. More so, the greater the number of (Read more...)